17 April 2015

How can there be a workforce shortage in information security if global professionals are reporting rising salaries, increased budgets, high job satisfaction rates and low changes in employment status? The results of the seventh (ISC)² Global Information Security Workforce Study (GISWS) conducted by Frost & Sullivan for the (ISC)² Foundation with the support of Booz Allen Hamilton, Cyber 360 Solutions and NRI Secure Technologies reveal that the security of businesses is being threatened by reports of understaffed teams dealing with the complexity of multiple security technologies and the threats posed by our increasingly connected world.

The analysts from Frost & Sullivan forecast a shortfall of 1.5 million by 2020. This number is compounded by 45 percent of hiring managers reporting that they are struggling to support additional hiring needs and 62 percent of respondents reporting that their organizations have too few information security professionals. These findings were reported despite security spending increases across the board for technology, personnel and training; rising average annual salaries; high rates of job satisfaction and low rates of change to employment status. With so many respondents making these claims from the nearly 14,000 total GISWS participants worldwide, let’s start to address the question, “how are we going to fill this workforce gap?”

Globally, we’ll need to make a concerted effort over the next five years to change the rate at which new entrants are coming into the information security workforce to close this gap. Let’s try:

Recognizing that attracting talent from this digital generation requires new partnerships and thinking. In addition to building awareness of this career field, offering more opportunities for internships and apprenticeships, and entry-level pathways for students post education we need to consider additional sources of talent and improve our ability to assess such talent.

Reaching our youngest generation as tomorrow’s leaders start to formulate ideas about their futures. Integrating cybersecurity and information security into academic curricula, particularly within IT, is one way to accomplish this.

Opening up new sources of talent or expanding use of talent that is still untapped (community college students, returning service members, minorities and women). We need to expand public and private partnerships to more effectively tap into this scarce talent.

Integrating tools and processes to optimize overall talent resources. Today’s CISOs and CIOs need to start forcing more integration into their operations – that is, better leveraging automation and building the right skills with the right tools among staff to get the right results.

In today’s connected society, the dangers of this workforce shortage are far-reaching and serious.

(ISC)² and Booz Allen are contributing to the solution in a number of ways. The (ISC)² Global Academic Program aims to establish a joint framework for industry-academic cooperation to bridge the workforce gap between the increasing demand for qualified cybersecurity professionals and the amount of skilled professionals entering the industry. (ISC)² has also introduced certifications to fill skills gaps in vertical industries that require more security considerations as more of those industry components become digitized. Through the (ISC)² Foundation, additional scholarship programs have been introduced – including the USA Cyber Warrior Scholarship Program, delivered in partnership with Booz Allen Hamilton. The program supports student participation in cybersecurity challenges, offers joint white papers produced with academia, and has expanded the scope of the Safe and Secure Online program to introduce children to a stable and rewarding career in information security.

Leaders from (ISC)², The White House, Booz Allen and Frost & Sullivan will address RSA participants during a panel session on the survey, “Status of the Industry: 2015 Global Information Security Workforce Study” taking place at RSA Conference 2015 on Monday, April 20 from 9:00 a.m.-9:50 a.m. PDT in Room 3022 of Moscone Center West. More information on this session can be found here: http://www.rsaconference.com/events/us15/agenda/sessions/1803/status-of-the-industry-2015-global-information. Follow the conversation on Twitter @ISC2 #RSAC.

Comments

How can there be a workforce shortage in information security if global professionals are reporting rising salaries, increased budgets, high job satisfaction rates and low changes in employment status? The results of the seventh (ISC)² Global Information Security Workforce Study (GISWS) conducted by Frost & Sullivan for the (ISC)² Foundation with the support of Booz Allen Hamilton, Cyber 360 Solutions and NRI Secure Technologies reveal that the security of businesses is being threatened by reports of understaffed teams dealing with the complexity of multiple security technologies and the threats posed by our increasingly connected world.

The analysts from Frost & Sullivan forecast a shortfall of 1.5 million by 2020. This number is compounded by 45 percent of hiring managers reporting that they are struggling to support additional hiring needs and 62 percent of respondents reporting that their organizations have too few information security professionals. These findings were reported despite security spending increases across the board for technology, personnel and training; rising average annual salaries; high rates of job satisfaction and low rates of change to employment status. With so many respondents making these claims from the nearly 14,000 total GISWS participants worldwide, let’s start to address the question, “how are we going to fill this workforce gap?”

Globally, we’ll need to make a concerted effort over the next five years to change the rate at which new entrants are coming into the information security workforce to close this gap. Let’s try:

Recognizing that attracting talent from this digital generation requires new partnerships and thinking. In addition to building awareness of this career field, offering more opportunities for internships and apprenticeships, and entry-level pathways for students post education we need to consider additional sources of talent and improve our ability to assess such talent.

Reaching our youngest generation as tomorrow’s leaders start to formulate ideas about their futures. Integrating cybersecurity and information security into academic curricula, particularly within IT, is one way to accomplish this.

Opening up new sources of talent or expanding use of talent that is still untapped (community college students, returning service members, minorities and women). We need to expand public and private partnerships to more effectively tap into this scarce talent.

Integrating tools and processes to optimize overall talent resources. Today’s CISOs and CIOs need to start forcing more integration into their operations – that is, better leveraging automation and building the right skills with the right tools among staff to get the right results.

In today’s connected society, the dangers of this workforce shortage are far-reaching and serious.

(ISC)² and Booz Allen are contributing to the solution in a number of ways. The (ISC)² Global Academic Program aims to establish a joint framework for industry-academic cooperation to bridge the workforce gap between the increasing demand for qualified cybersecurity professionals and the amount of skilled professionals entering the industry. (ISC)² has also introduced certifications to fill skills gaps in vertical industries that require more security considerations as more of those industry components become digitized. Through the (ISC)² Foundation, additional scholarship programs have been introduced – including the USA Cyber Warrior Scholarship Program, delivered in partnership with Booz Allen Hamilton. The program supports student participation in cybersecurity challenges, offers joint white papers produced with academia, and has expanded the scope of the Safe and Secure Online program to introduce children to a stable and rewarding career in information security.

Leaders from (ISC)², The White House, Booz Allen and Frost & Sullivan will address RSA participants during a panel session on the survey, “Status of the Industry: 2015 Global Information Security Workforce Study” taking place at RSA Conference 2015 on Monday, April 20 from 9:00 a.m.-9:50 a.m. PDT in Room 3022 of Moscone Center West. More information on this session can be found here: http://www.rsaconference.com/events/us15/agenda/sessions/1803/status-of-the-industry-2015-global-information. Follow the conversation on Twitter @ISC2 #RSAC.